<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/2.0.5" -->
<rss version="2.0" 
	xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
	<title>Comments on: The C-I-A Triad – weighed and found wanting</title>
	<link>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/</link>
	<description>Promoting the art and mindset of information security</description>
	<pubDate>Sat, 22 Nov 2008 16:03:11 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.0.5</generator>

	<item>
		<title>by: Faith Young</title>
		<link>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/#comment-1491</link>
		<pubDate>Thu, 10 May 2007 08:41:12 +0000</pubDate>
		<guid>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/#comment-1491</guid>
					<description>Thanks.  That was a great explanation.  I agree with you, but there must be a balance in relation to the importance of the assets that are being protected.  Non-repudiation is the inability to deny the integrity and authenticity of a document.  On one end of the balance, encryption and data signatures are needed for important transactions.  On the other end of the balance, IRC chat logs might possibly be considered anonymous.

During my studies, my case study organization is a public Web site that believes in sharing information.  Information is their main asset and it was a challenge communicating to them that classifying their assets is an extremely important step in achieving a balance in Information Assurance.  The result was that they do have processes and information that is not public.   They have to protect that information.</description>
		<content:encoded><![CDATA[<p>Thanks.  That was a great explanation.  I agree with you, but there must be a balance in relation to the importance of the assets that are being protected.  Non-repudiation is the inability to deny the integrity and authenticity of a document.  On one end of the balance, encryption and data signatures are needed for important transactions.  On the other end of the balance, IRC chat logs might possibly be considered anonymous.</p>
<p>During my studies, my case study organization is a public Web site that believes in sharing information.  Information is their main asset and it was a challenge communicating to them that classifying their assets is an extremely important step in achieving a balance in Information Assurance.  The result was that they do have processes and information that is not public.   They have to protect that information.
</p>
]]></content:encoded>
				</item>
	<item>
		<title>by: www.andrewhay.ca &#187; Suggested Blog Reading - Thursday, April 12th, 2007</title>
		<link>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/#comment-810</link>
		<pubDate>Thu, 12 Apr 2007 19:45:19 +0000</pubDate>
		<guid>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/#comment-810</guid>
					<description>[...] The C-I-A Triad – weighed and found wanting Believe it or not, the field of Information Security has changed! Foundational concepts, such as the traditional C-I-A triad (Confidentiality, Integrity, and Availability) are being challenged and supplanted by a more inclusive model known as the Parkerian Hexad [...]</description>
		<content:encoded><![CDATA[<p>[&#8230;] The C-I-A Triad – weighed and found wanting Believe it or not, the field of Information Security has changed! Foundational concepts, such as the traditional C-I-A triad (Confidentiality, Integrity, and Availability) are being challenged and supplanted by a more inclusive model known as the Parkerian Hexad [&#8230;]
</p>
]]></content:encoded>
				</item>
	<item>
		<title>by: Rob Lewis</title>
		<link>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/#comment-808</link>
		<pubDate>Thu, 12 Apr 2007 15:38:32 +0000</pubDate>
		<guid>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/#comment-808</guid>
					<description>This adds value to the discussion, except that part of the diagram is cut off on the right hand side. What are the descriptors for integrity and authenticity please?</description>
		<content:encoded><![CDATA[<p>This adds value to the discussion, except that part of the diagram is cut off on the right hand side. What are the descriptors for integrity and authenticity please?
</p>
]]></content:encoded>
				</item>
	<item>
		<title>by: LonerVamp</title>
		<link>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/#comment-807</link>
		<pubDate>Thu, 12 Apr 2007 15:30:50 +0000</pubDate>
		<guid>http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/#comment-807</guid>
					<description>I may have to pick up that book at the bookstore and flip through to this section, as I'm not sure I buy in, yet.

Seems to me that Integrity covers Authenticity and some of Utility just fine. Availability covers the rest of Utility. And Confidentiality covers Possession...</description>
		<content:encoded><![CDATA[<p>I may have to pick up that book at the bookstore and flip through to this section, as I&#8217;m not sure I buy in, yet.</p>
<p>Seems to me that Integrity covers Authenticity and some of Utility just fine. Availability covers the rest of Utility. And Confidentiality covers Possession&#8230;
</p>
]]></content:encoded>
				</item>
</channel>
</rss>
